May 03, 2005

On Guard

With the increase in functionality and information presented electronically, however, the need for online security is greater than ever. "The best way for banks to position themselves is to add tools that will keep them one step ahead of fraud," says Digital Envoy's Calpin. But, as banks fight the battle against hackers, cyber criminals bolster their arsenal of weapons to attain corporate and customer data.

Most banks agree that the first step in a sound security strategy is to educate the online community to evolving security risks. Besides posting security measures, some banks also deliver targeted messages to online customers reminding them not to share personal information and passwords.

But efforts cannot stop there, asserts Calpin. "Historically, consumers rarely follow instructions. Yet, consumers also are demanding a safe and secure online environment," he says. "That's why banks must be diligent about providing security measures behind the scenes as well."

Banks need to be armed with the proper tools that will keep them from being a target. Similarly, they also need solutions that are easy for the consumer to use. A logical step is to add a new layer of online authentication.

Typically, user names and passwords are used to authenticate a user. But this practice is easily hacked. By adding two-factor authentication, banks essentially are doubling online security, adding interactive tool-based personalization. The tool may be an additional information-gathering engine that prompts a user to answer a constantly changing personal question, or it can be a physical token, such as a code embedded on a bank card or a device that is linked to a bank's systems and generates random numbers to create a constantly changing password.

Sovereign Bank plans to add two-factor authentication to its online account-accessing process in the near future. "Our online strategy is to provide service that ensures our customers' experiences are as secure as possible," says the bank's Doran-Collins, who notes that she hopes to take two-factor authentication even further. Sovereign is evaluating the benefits of adding an application that can detect if customers are signing on from their home or work-based PCs, she relates.

"If a customer is signing on from a different PC or IP address than usual, this application can alert us to this," Doran-Collins explains. "We can determine if it is our customer by presenting a sample of questions online that only the customer will be able to answer."

While banks are taking strategic measures to protect themselves and customers against online fraud and identity theft, computer crimes accounted for just 9 percent of all known cases of identity fraud in 2004, according to the 2005 Identity Fraud Survey Report conducted by the Better Business Bureau and Javelin Strategy & Research (Pleasanton, Calif.). In an ironic twist, increased use of the online channel may actually cut down on fraud. Many identity fraud crimes can be avoided by reviewing transactions, statements and credit reports online, the study says.

"A key contributor of fraud is the distribution of paper statements," says Bank of America's Wellborn. "One thing that could help ward off this fraud is for customers to stop requesting paper statements."

By promoting e-statements, banks are averting fraud while cutting costs associated with paper and shipping. "This is a strong preventive measure against identity fraud," says CheckFree's Weikert. "Electronic versions of statements, account activity and checks is the way to go."